This document describes the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on the Cisco Email Security Appliance (ESA).
Secure Sockets Layer (SSL) Version 3.0 (RFC-6101) is an obsolete and insecure protocol. While for most practical purposes, it has been replaced by its successors - Transport Layer Security (TLS) Version 1.0 (RFC-2246), TLS Version 1.1 (RFC-4346), and TLS Version 1.2 (RFC-5246) - many TLS implementations remain backwards?compatible with SSL Version 3.0 in order to interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server is used. However, even if a client and server both support a version of TLS, the security level offered by SSL Version 3.0 is still relevant since many clients implement a protocol downgrade dance in order to work around server?side interoperability bugs.
Attackers can exploit the downgrade dance and break the cryptographic security of SSL Version 3.0. The POODLE attack allows them, for example, to steal ?secure? HTTP cookies (or other bearer tokens such as HTTP Authorization header contents).
This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2014-3566.
Here is a list of relevant bugs:
Cisco bug ID CSCur27131 - SSL Version 3.0 POODLE Attack on the ESA (CVE-2014-3566)
Cisco bug ID CSCur27153 - SSL Version 3.0 POODLE Attack on the Cisco Security Management Appliance (CVE-2014-3566)
Cisco bug ID CSCur27189 - SSL Version 3.0 POODLE Attack on the Cisco Web Security Appliance (CVE-2014-3566)
Cisco bug ID CSCur27340 - SSL Version 3.0 POODLE Attack on the Cisco Ironport Encryption Appliance (CVE-2014-3566)
In Non-Federal Information Processing Standards (FIPS) Mode, SSL Version 3.0 is enabled in the default settings. In FIPS-Mode, SSL Version 3.0 is disabled by default. In order to check if FIPS mode is enabled, enter:
FIPS mode is currently disabled.
When FIPS mode is disabled, check if SSL Version 3.0 is enabled in the sslconfig settings. When sslv3 is listed as the method, SSL Version 3.0 is enabled. Change this to TLS Version 1 in order to disable SSL Version 3.0.